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(57) Abstract: 

PROBLEM TO BE SOLVED: To accelerate at least partial 
remainder operations and to accelerate the overall 
operation speed further by the acceleration of remainder 
computation. 

SOLUTION: In a division circuit 40 arranged in 
respective product sum circuits 301 -30n, though it is 
the remainder computation by a modulus m, the end 
condition of the remainder operation is mitigated so as 
to compare the executed result h' of the remainder 
computation with a value 2r larger than the modulus m. 
Thus, the remainder computation is accelerated by the 
acceleration of loop control itself by the adoption of 
an easily comparable number which is 2r and the 
reduction of the number of times of loops by. the 
adoption of a large number which is 2r. 
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[What is claimed is : ] 

1. A Montgomery multiplication device 
for, when a positive integer N and positive integers 
x and y tha't are less than N are set to inputs and bases 
of a remainder -computation system are set to {ai, a 2 ,..-., 
ai, a n } and { bi , b 2 , bi , b n } (l^i^n, nisa positive 
integer) , calculating an output w that is equal to xyET 1 
mod N using an integer B that is defined as multiplication 
of elements of the bases, comprising: 

a first storage unit storing elements of the 
respective bases {a X/ a 2 ,..., a n } and {b x , b 2 , ...,«b n } and 
a prior calculation result used for calculating the 
output w; 

. an approximation computation unit, when an input 
£ i "used for expansion of the bases is received, extracting 
higher q bits of the input f i, adding a present extract ion 
value and a previous addition result excluding a highest 
bit and outputting a value ki of a highest bit from the 
obtained addition result; 

a remainder computation unit executing remainder 
calculation (modulus m that is equal to 2 r -\i is one element 
of the bases, r is an integer that ' sat is f ies m^S2 r and 
\i. is a nonnegative integer that is less than 2 r ) while 
setting elements of the respective bases {ai, a 2 ,..., a n } 



and {bi, b 2 ,..., b n } to a modulus m based on contents-of 
the first storage unit and the output k L of the 
approximation computation unit; and 

a second storage unit storing results of remainder 
calculation performed by the remainder computation unit , 
wherein 

the remainder computation unit comprises: 
a remainder calculation part for receiving an input 
z (z is a positive integer) comprising a sum (xy+d+c) 
of a product xy of inputs x and y inputted from the first 
or second storage unit, a previous remainder calculation 
result d and the prior calculation result c inputted 
based on the output ki of the approximate computation 
unit, and for executing remainder calculation h= z mod 
m by a modulus m of the input z; and 

.a loop control part for comparing an execution 
result h' executed by the remainder calculation part 
with an upper limit value 2 r of the modulus m,. for returning 
the execution result h' to the remainder calculation 
part as the input z when the execution result h' is equal 
to or greater than 2 r and for outputting the execution 
result h' to the second storing unit as a result h' of 
the remainder calculation when the execution result h' 
is less than 2 r . 
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2. The Montgomery multiplication device 
according to claim- 1, wherein 

the remainder calculation part, 
comprises: 

5 a bit selection part for, when 

executing remainder calculation h=z mod m by a modulus 
m of the input z, respectively selecting a value z 0 of 
lower r bits of the input z and a value z x of higher bits 
excluding 

10 the value z 0 of the lower bits from the input 
z; 

a multiplication part for, when the 
value zi of higher bits extracted by the bit selection 
part and an input p regarding the' modulus m are received, 
15 calculating a product" Zip of the value Zi and the input 
p; and 

an addition part for calculating a sum 
( Zip + z 0 ) of the product z iu obtained by the multiplication 
part and the value z 0 of lower r bits extracted by the 
20 bit selection part, wherein 

an execution result h' executed by the remainder 
calculation part is a sum (ziu+Zo) obtained by the addition 
part . 

25 3. A Montgomery multiplication method 
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of, when a positive integer N and positive integers x 
and y that are less than N are set to inputs and bases 
of a remainder computation system are set to a 2 ,..., 
ai, a n } and {bi, b 2 , ...,bi, b n } (i^SiSSn, n is a positive 
■5 integer) , calculating an output w that is equal to xyB" 1 
mod N using an integer B that is defined as multiplication 
of elements of the bases, comprising: 

a first storage process of storing elements of the 
respective bases {a lf a 2 ,„., a n } and {b lf b 2/ b n } and 
10 a prior calculation result used for calculating the 
output w; 

an approximation computation process of, when an 
input £ i used for expansion of the bases is received, 
extracting higher qbits of the input £ i, adding a present 
15 extraction value and a previous addition result excluding 
a. highest bit and outputting a value ki of a highest bit 
. from the obtained addition result; 

a remainder computation process of executing 
remainder calculation' (modulus m that is equal to 2 r -p 
2 0 is one element of the bases, r is an integer that satisfies 
m^2 r and p is a nonnegative integer that is. less than 
2 r ) while .elements . of the respective bases {ai, a 2 ,..., 
a n } and {bi, b 2 ,..., b n } are set to a modulus m based on 
contents of the first storage process and the output 
25 ki of the approximation computation process; and 



5 

a second storage process of storing results of 
remainder calculation performed by the remainder 
computation process, wherein 

the remainder computation process comprises: 
5 a remainder calculation process of receiving an 

input z ( z is a positive integer) comprising a sum (xy+d+c) 
of a product xy of - inputs x and y inputted from 
storage contents of the first or second storage process, 
a previous remainder calculation result d and the prior 

10 calculation result c inputted based on the output ki of 
the approximate computation process, and of executing 
remainder calculation h= z mod m by a modulus m of the 
input z ; and 

a loop control process of comparing an execution 

15 result h' executed by the remainder calculation process 
with an upper limit value 2 r of the modulus m, returning 
the execution result h' to the remainder calculation 
process as the input z when the execution result h' is 
equal to or greater than 2 r and outputting the execution 

20 result h' to the second storing process as a result h 
of the remainder calculation- when the execution result 
h' is less than 2 r . 

4. The Montgomery multiplication method 

25 according to claim 3, wherein 



the remainder ' calculation process , 
comprises: 

a bit selection process of, when 
executing remainder calculation h=z mod m by a modulus 
m of the input z, respectively selecting a value z 0 of 
lower r bits of the input z and a value Zi of higher bits 
excluding 

the value z 0 of the lower bits from the input 
z; 

a multiplication process of, when the 
value Zi of higher bits extracted by the bit selection 
process and an input p regarding themodulus mare received, 
calculating a product zip of the value zi and the input 
jj; and 

an addition process of calculating a 
sum (zip +. z 0 ) of the product z x \i obtained by the 
multiplication process and the value z 0 of the lower r 
bits extracted by the bit selection process, wherein 
an execution result h' executed by the remainder 
calculation process is a sum (zip+z 0 ) obtained by the 
addition process. 
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tZAtltU M&§m3k0>m&* (a.i, a 2 , 
a'i, a n } Sitf (bj, b2. — . bi. — , 
b n ) (l<i^n, nttiE©lSR) tLt-££. buIB 

wmffmmv&mt L-c£*is4ifcsgRB (= b i'b 2 

-b n ) fefflUT, ffiiw=xyB-!mod N Srjfffi 
«FlBS«lSa«SR { a 1 , a 2, a n } £<fcl>* { b 

1, b 2 , -. b n } tmimti^com-mm^mm 
immm,z>ii}mm<DA*) 1 i iuiBA^t 

ftfcflnjws*©-^ MutMi^v h^fflk i smarts 

k i iufB&SJ£©S^ { a 1 , a 2, — . 

a n } teJctMbi, b2. -. bn) &&mfc1-*S0 

2 r anfeim ^42 r^»(^^AftaR) zmtf-r 
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m (xy + d + c) ^45A*z (fiU ztelEcOM 

s> zgtt&tmz. mzKjjzwmmiz&zm&n-h 30 
= z mod mzzmt&mammt.* 

^Wmf^ h ' fcliUBA* z LT jfflf BSfJskJSSHCM 
U lt(iBII^?^h , ^2 r^cD^gtcti^g^f^ 

* h ' itmm&mffim h t l t 1*1 bis 2 i a^istc 

fc**.fc - 1 y 3* y £MgB. 

[if *3S 2 ] 1 tciB*<o^ > =r * y mmmwiz 

fe^T, 40 
aiJ82*feftJR|H4. 

luIEA*zOffimlC«k-SPJ^#h=z mod mfcH 
fftZ>£& tlHBA*z©Tfiirtf«v.h®fflz oil. tu 

z 1 hmRMt. 
K^yttffiStlfeT&r fcf-5/ hCDMz o£<Of0 (z i m 50 
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+ z 0 ) fcllffl-fsflHirsPi: 

%t>titzM (zim + zo) -?$>Z>Z.tZ:!!tm£-fZ > ^ 

tZAtltU %&mm.&<Dmi&Z: Ui, a 2 > 
ai, — , a n } 33<J:lMbi, b2» — . b j, — , 
b n } (iSiSn, nliiE©SBS) MB 

m&(omm(Dsmt um^mb (= b i b 2 

• b n ) feffiHT, tftfjw = xyB-lmod N&Uffi 

{ a i , a 2 , a n } b 
l. b 2 . b n } i:SWSffi*w©3fm«®9CiWtllc 

esfcA^aistisig i §3«x3S£, 

«S3¥Xg£:, 

MIBffl l IElSX@<7)iB«^fe«feO t tafBia^^:xgffl 
ffi*k i (CSo'VNT, |fiiB#aJS©S^ { a i , a 2 . 
-, a n ) feitf (bi, b 2. -. b n ) fr&mt.-* 
&m&M (fiU ffim=2r-(i !±SJ£©-Sm r 14 
mg2.r^fm Al42r^©^^^S) feU 

tulB^ 1 IBlSXg©IBll;P ( g^Xl4tuf3^ 2 s3»XS©IB 
e> CO A* x , y C0« x y t KHa<Z«W*Jf®fe» 
d fctagaia(KS9tDg©ffi*k i tCSo'SA^S^Stu 
IB*tultmgmci:©fD (xytd + c) s^e»&*A* 
z (fiU zlimoDSBS) tUIBA^z 
©ffim»Cj:S*fl^39[h = z mod m&|©f-r«>PJ# 
WX^i:, 

mmBSfl^mxStCfc^fJigmh' iilufBSmCOXPSfil 
zrtZtmU ms&gffimh' tf2rVXt<Dtmz 

te^mmmsMk h • -k^mxti z t. l xmm&njM 
h ' tcmm&mnmi h t u tiuib^ 2 iedix 

[it 4 ] n&& 3 tciB^©^ > 3* y s^^stc 

ff)IBA±»z(Z)Sm{Cj:-g>pJ^Wh = z mod m$:^ 
^Tf 5 i: BUS BA* z CDT& r tT^y h ODH zflt. i 

z i^^aai^^ b«r^i:. 
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lM\z^ Uffla}£*i£T{4r tfy bcoffiz o i:©fn (z 
1 A + z o ) ?:»aj-r ^iomxg t £-&A,T as y , 

«tyf»^nfe*p (zi/t + zo) xtizztzamt? 

[^0fim&ttf&] 

[0 0 0 1] 10 

(Bat&t^WS»c«y, »(:. 3<0#3l<D;i/-XM«cDi©I 

t ttc «fc y . ^ffcwBSiiss & ifl± u#-s> =e > =r* u sm 

[0002] 

[mkoymm » <^smm%<omm l &im-t\z'=> 

& *ILh©**|! (f7 7^ h .7. # > K) T'feS R 20 
SA (Rivest-Shamir-Adleman) ^^Tii. l,024KT>y h 
CD^tfC <fc SKfaftft* & WaHCtTfc -5 iBgjW&S . 

[0 0 0 3] «*j»jS%ijat®i«aft©-*j£i: UT, 90 

&WM-Tk (Residue Number System, J^RNStl'* 
&2t&m<m (ai, a 2, -, a n } M 

[odo4] ztibgizmnm ui, a 2 . 

-, a n ) SRNS0Mi:i?y', aj£&#fiSc1-SS^ 30 
0>flB8 n X h BfcK. * £ a = 

{a i, a 2, -•. a n } 

[0 0 0 5] m&xtm& (a i, a 2, -, 

a n ) ff&*.*>tl1=.£.&* x&fflgai (i = l, 2, 
-, n) T'fJofc^y x i <OJSS (x i, X2. 
x n ) ^xffiRNSSlt'fel). HHT', xi=x m 

0 d a i T&'So 

[0 0 0 6] Z(D£%, xlju SJ£©±giS©«A= a 

1 a 2 • • a n feffii: LT— «WfC«ST?gS. -tfefc 

x^A^©iES@ST*fett^ xi:-?-©RNS*5i 40 
(xi, X2, • •. x n ) 14— £j— tcM^I'^^ 
[000 7] R N S as3W«fflradrOMRfeSaKSC3BFasldu 
rf<-yi>i'b (Posch et al) iCiSffi^ (K. C. Posch, 
R. Posch, "Modulo Reduction in Residue Number Sys 
terns" , IEEE Transaction on Parallel and Distribut 
ed Systems, Vol.6, No. 5, May 1995, pp. 449-454 JkZf 
"RNS-Modulo Reduction Upon a Restricted Base Valu 
e Set and its Applicability to RSA Cryptograph 
y" , Computer & Security, Vol. 17, pp. 637-650, 199 

8) mmzjnmz £&mm 1 1 - 3 1 0 6 1 9 50 
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[0008] z.ftb0m&3k$&jmz. rn smmxo 

(Montgomery) CD^g{C «fc SSO&fillfcfrSi (#T, ^> 
=feL>JSJ|£^3. ftgHft P. L. Montgomery, "Modula 
r Multiplication without Trial Division" , Mathema 
tics of Computation, Vol. 44, No.170, pp. 519-521, Apri 

1,1985) zmm-t $>zrn smmx-mmzti 
t=ma^ mmm*m^xm<bmg.xmi-tz>z\t, 

[0009] iit, wmm*< «*.«. mixizis 

V^T, g;&a= {a i, a 2, -, a n } T'<D®§E (x 

mod a i, x mod a 2. x mod 
a n ) ^"bSiSaU {b i) = {a i, a 2, 
a n. b 1 ) X'(D^M (x mod aj, x mod 
a 2, •"» x mod a n , x mod b j) £ 

[0 0 10] 3.GD0§T*14, SJSCDiMXfc loJf-^L/fc 
tfi, 3©j^&i#y&UT«igCD+MXS:n' A (n* 
ItWSQ m*P U tfflKSfflTt® RN S »J ffi 

[ooii]«^t, iiLtcoi o teffl&mnijmz-3^ 
x^mzmm-t^. 04 wmizzymmztitey 
3*vmmm<mf&*tt-?m£MX'&z>. r©=E>=r 

* U 3ll3?$lfil4, R N S*3iT?a>^ > =T* »J SlllSrJilfi 1 
y . 2jsf§^#Mmc;i |fcr£>K J; yCox-Rowe 

ox-Rower 7 -^^^^X\t. m ^CdfeWSSKSnT 
*l-?- 5 *l§0:^3f^f&-i> n{@©RowerrL- >y hH*fU 

[0012] coxn-^ hti, mmm<Dtz.^> 
©t>®T?*y. ^hXRffi i2it«inj(»i 2*»e>«c 

*o £*y bSJRgPl 1 li, Rowern.n>y h CD RAM 2 1 
i *^A*Stifc r e>y NcaaRfi i ffl±fiqt;'7 h S: 

[0013] #n»c#§ i 2 it. ^co q \±v vom^^wm 
(Dim&gkiztmu nbtit-MmgmcD.q + 1 h 
g (jjuwoy**? 0 - 1 tr^ h) tcfis-t-g) i tf y hcoiif 

k i &«-RowerZL->y h{Ctti^-r^ 0 3ZLT*rl4gfi&a 
ffl^Iia j ~ a n COtf ^ h^T'fe U, q tt r *^C0iE 

[0014] 1,024 tr ^ hco^^^i# 

S©A7^-ifS:n = 33, r = 3 2, q = 7 fclZtltf 

n{SC0RoiNerrL - h 14. RN S COSJESr^i: LfcfO^ 
WM (fg + c + h) mod mZtm*Smte : b<DX'& 

y . rn s gmxDTX-vfflikffiM Zftte o ffiawm 2 0 

l~2 0 n . RAM 2 1 i~2 1 nj &X>'ROM2 2 i~ 



2 2 n *^5). ml£RNSSJ&©fc&— 
•T'fe'J. f, g, c, d GUjUkDh) tim^pCDggKT* 
#9ffn!IB& 2 0 i (fibliiin) tt. i5C 
aVfJ^Kl. (fg + c + d) mod mZHWtZ>=L 
-vhT'&V. SM2 3, anW*2 4, 7>4y*2 
.5. *2U5>:**2 7, gU&S&l** 

2 8S.t>*H3 2 9 feflft.TV\&. £ffgg2 3 

tt, XtJf, g<mf g$r»ffiLT*Dm#l2 4{Cfii*-r 
•£>„ j&UjM*2 4Uu -«-©aiAf gil^>f 5*^e>© 
AAc, &t>*ff§3 2 9 i^ODfjIHOPJ^^S^ 

d fcinS U »e>ttfc*S£ (fg + c + d) HB&M* 
#§2 8lCffiirf6o ft*. *>fv*-2 5tt. CoxrL->y 
bfr<aO>l¥v hCDA^k jJCgt5^T,' ROM 2 2 i 
!!)^Ilb^^2 6 tC*&^ $ ft A# c &*D#f§ 2 4 

[0 0 15] M&Wgffl2 8 It, ROM2 2 ifrbBZ 
2 7 Kl^SftfcfflSSSRa i Xteb i £ bT 
®Sm?:|V\ jDS^aj^^f g + c + d SrSsmT* 
fflofcJWs&iSW (fg + c + d) mod m^TT 
-5. 

[0 0 16] sKv>aXl*jlW© s E> jjl US 

&7;b=ryxwc<kn{& rn s'cafii&i: bTm= 2 r 

JSOfStC^-tSJWjftllz mod m, .(ffiU z»£ 

[0 0 17] 
While (z<m) { 
z 0*— z mod 2 r 

z i<-z/2 r<7)|g (t-ftfot) z = z 1 2 r + 
z 0v z 0<2 r ) 
z«— z iiti+zo 
} 

[0 0 18] 
z=z 1 2 r +zo 
= z 1 (2 r-ti + ft) +z 0 
= zi (2 r -M> +zim + zo 
= zia + zo mod m (m= 2 r — #©/=• 

«>) 

z o £ z i ©ftjf&> *fc£fl£ (zi/i + zo) mo 
d m#&5 %>©©, zo* ! z ©T& r^h & Jftffi b 
Tf#bft zi* 5 zlr t'y h:£i/7 h bTffbft&fe 

[0 0 19] M£mM%k2 8 It, Z.<D*-5lz3mSmh 
— (fg + c + d) mod m= (z i/i + zj)) mo 
d mfcH^-fSo 33T% H^fifOSI^^^h' 
li, BBsUftvvi/-7T60WWlcj:y, fentitiKSft 
jSm«fcy%*ft^«^=bb<»HI-Wft^ (m^h' ) . 
¥9lt A*MHM3*VTt5^LfcJft{ii ■ 3tJ£ ■ 
fcSM&JfcWHBgSft. «6m«J:y=b/jNSVA«^ (h' < 
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m) latm&mmg^h wxr, w&t*^) t lx 

[0 0 2 0] £3 l/v^* 2 9 ftftSI&Stlttgghli, 
f^nmS§2 0 i £> v (b ffi^J cE ftT R AM 2 1 i tC#i&£ft 

^uo^aiuss 2 o i <DW£&izitfflm<m\& 

ffigfeMA £ VTiumfc 2 3 fC-£*.e>ft&. 
[0 0 2 1] 

io >3*um»i£e&tw&-m. sK^>axi*;ii#©* 

5*Xfcv v-c, ^SffiSS 2 0 i ©§g&ftncgg 2 8 ic fctf 

• SPJ^mm o d maW^St!^^ bT«ft## 
\,\(DT\ Rawer =L—y r-(DWMZMMiL t>^TtiCox-R 
owerT - *T V \Z J: S aOfSrHBSft-t S fctt© * v 

[0 0 2 2] Z.<Dt-tb, #Mmod mCDjgft^S 

[0 0 2 3] #|^ULfciEgBt&%*LTfc3ftfcfc© 

20 3l£flBM;T:-£, se>lC^W9«sSOIGtS©flBiftS:* 

[0024] 

[HM«:*e***fe«>©#®] *WB©»?»i Rower 
3.-<> h?0|&J|ft)^«:JHFnU M^SrJjpSpWKlfT 
ftoZtlCfeU, Rowerrt- >y h©^0IH 

[0 0 2 5] WU£ ^©»^h=z mod m 
«7^ftli ^Sh^miUfe'J^^tt (h< 
30 m) ^tltC^b, *^^-50J^h = z 

mod m©i»7*frl*, h 7b'< 2 r «fc y ^/Jn$ 

V^ilS (h<2r) T'feSo rttmS:2ii^R 
bfc££©tf<y h»re*S. -tftfct., m<2rfflMi 

AS V Mfi 2 r sfcgKCTtfo fe^*T-*J^%:^7-tS© 

[0 0 2 6] 3©cfce>tCi^7^f+?:^f0bT^ 
^4-r-g>^©fFfffitc «fc V?iaj<Z)iElftSS:88BBbTV^ 
©T%. S»©ffl«lt«:jKa#-r*3.i:««1?SS. $TPXh 
40 ©«ke>ft*5S^©#7-{Cil^VNT, ^ftWtc^T©* 
^ft#ibW9lce>ti*. ft &m l lc»jcE-t*«Wldu IE 

®«NL N*»©jE©iasx, ytzxtitu m 

&&M?kV>gj&%: (ai, a 2- aj, •-, a n } 
feitflbi, b 2 , -, bi, -, b n ) (ISIS 
n, nltiEOBSR) £Lt-££, iuf2SJ&©^ift©St« 
tbT^*$nf_^B (=b l b 2 -b n ) §:fflv^ 
T, aj*w=x y B-lmo d N t-8XD^:Z/ 
^UiSSaT'feot, iufi&g«©S^ (ai, a 
2, — , a n ) jSitf {bj, b 2 , — . b n ) tfulB 

50 mfiwnn&mcDmmtm^tmmzti&miim 
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ISA* I i g if -y h £&tc ^CD^-Is] 

©SSt{ai, a 2, •". a n } { b l , b 2. 

-, b n i tmmh-tzm&n mu-&m=2 r- M 

14£|£0>-1SR. r I4m^ 2 r SrSBfc-ffflS. a li 2 r 

SXlifflm 2 IBte#^ >b ©A* x ,' y <m x y tm 

o* t A* £ fifciiflBWiflttJHgSi c£©fn(xy + d + 
c) frbfeSAAz «iU zttIE©S8R) SrSWSi: 
#IC, Bt(iaA*zCDffimfCi:^PJ^Wh = z mod 

h' £iufB«m©±PftfI2 r££jt!RU tulE^f^* 
h' #2 rvxt<?)£giz\i.%mmf1£$kh' fctufBA* 20 

[0 0 2 7] «*S2tc*rjS:-tS«9ili. M&g 
lfc^^^rr^jsfejtggracfcvvc. itifEJBk&ir 

SPilLTte, WIBA*z©t£mJCj:€>PJ^Wh = z m 
o d mZmftZ £ SulEA^; z ©Tfe rt^h ©ffi 
z 0 i:. ItflBA* z #> "b |88ETfit®fi[ z o ZtiV> ^-±& 
tfy h©fgz i fc8r**«itii'*.5i^/ hiURSPt, fffiS 30 
tfy saw»ic«fcyj*aisnfcjbfibf>y h©iiz i t«r 

(iHtiffi^V h^aPtCj: »J«lffl£*lfeT<£r f v h<D 

mz o £©w (z i a + z o) zwmtzm&mtzm 
itfia^J^msptc j: ftUfsis* h* 14. Miain^gptc 
«t*j»e>nt?n (zi/t+zo) t»6^>^u*» 

[0 0 2 8] $e>tC. »#JS3tC*«&-f**89§tt. s£(D 

mwt. KfmniEoym&x, ytzxtitu m& 40 

WM7k<£>£i&%: (ai, a 2» — . ai, — , a n } S3 
cfctKtbi, b 2 . -, bi, b n ) (lSiS 

n . n iti£<DW8.) tLt-t^ mvm&<z>mm(mm 

£ LTJfejftSttfcfiBRB (=b 1 b 2 -b n ) &J§^ 
T, tt5*w = xyB-lmod NSrjrffi-t&feft©^:/ 
^'Jimi'feot. iuffr&»£©gfii (ai, a 
2. •". a n ) fcilMbi, b 2 , •-. b n } tfUIB 
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Htfrt«>iE{K«JCDgi:, SuiBlgiIBlSM©fB1Si^ 
feJ:tfl&lffie(S«itCS®aj*k i iC^c^T, IuIBS- 
SJS©SI^{ai, a 2, •". a n ) j3ctt>* {b 1, b 
2,. -, b n } Z&mft&m&K (fiU Sm=2r 
- ft tiSJKcD-Sm r ttmiS 2 r M- \t 

m&ffiM3M\z «k s fmmyf^tfmfeznz&i 2 ibis 

% 1 iamxS©f Bmrt^XtttufB^ 2 IB-ffcOicDIBIlF*! 
m^OAJjx, y(Dmx y ^BolU^J^oMmd £ 
IWffia(KS»tES©ffi*k i lC»o'^A±f$n-5ttffB* 
Suft^lg*c ham (xy + d + c) frib>t£Z>A±lz 

(fiU zttiE©^) SrgWStfttC, IfflBA^z© 
i*mlC i SS^H h = z mod m ^^Tf ^*is^W 
XMt> l?ffB«^»X@tCj:S|^T^h' tlulKfim 
©±PSM 2 r £ £ Jtig; u tulBH^f h 1 ^ 2 r jgU: 

<Dt.fi \z\z^mm t&k h ' feitfi BA^3 z itiiSI 

^KCDBfcau SWE^fSSJfth* ^2^i©ht!C 
h ' h t L/TfuiBH 

2|B«X®Cffl*-rs;b-^f!fiifJjgil, 

[0029] m&m.4 izMfo-r&mttt: m#m. 
3 tc*ff&'t-g> ; E>^ ysufc&sacfcwr. luiBPJ^* 

XSi: LTti, StTlBA^ z ©SsmfC J:*iOjS*Jfh = z 
mod m Sr^Tf S t S> JtflBA* z ©Tfi r hT'^y h 
©Hz 0 M§&XjJzfrC>1ffiZT@.<DMz 0 Srfiftv^fc 

©tz i^iffit^iiit, itFiaaufccgfciu 

#e>tlfe«z 1 AtfulBtf^ h3HRIiglCJ:»J»fflSn 
feTfirlfy y<Dmzo£.om (z 1 m + zo) fe^ffi 

+ z 0) T'feS^^nV U^^iST'fe*. 
[0 0 3 0] (tfs/B) fct, ft#.^ 1 , 3 \Zttl&-?Z> 

ftmit&jL<D£ote&mzmctzz£iz£v, m&sm 

^> ©A* x , y x y £ WiMKDffl&WDffim. d 

i:iafitswa©m*k -i ic*^A#$n-5#f&ni£ 

*g*ci:©fO (xy + d + c) frbtt&AJlz (fiU 
zi4iE©^) &5ftf*i:*»C, A*z©?£micj;«>id 
3^#h = z mod mfcHfrU ^-^«lWap*\ PJ 
^gPfCtS^f^Sh' ^iSm©±P^fI2 r £ %Sm 
U Hf^SJSh' #2 rj^<BfcglCl4MaKllff*££ 
h' *A*zfcUT*!l^|iai»CMU S^f^*h' ^2 
r ^© ^ IZlt^mmm h ' $:*J^m©^ h 
UT^ 2 IB1S#gtcai+j-t 



[0 0 3 1] 3©J:-MC, jSmT'WSflifcBT&SlCfclH 

[0 0 3 2] «&»^7^&I^Lfe*\ ft 

iS -T SSS&DfffilBC «fc y ifllS©IBt*4 &5tfS L T © 

[00.3 3] ft#^2, 4 lCjl*JEE1--6lfiWJt. PJ 

LT«U . tT>y YWPBft* A* z (DjSmtCtS 
pj^h = z mod mZmflr&tg. A*z©T 
fir^h©iSzo fc. A* z bTfiKDtt z 0 * 

haHRSWC«fc»jaffiStifc±ffi^'y h©ffiz i h&mtc 
H"t*A*M4l**1 , fei:*,- ]eS#©«z i yufcJWi 
U tmm\ «Jtt»cJ:»J»&*ifc«t2 i A«ttr % v h 
j§#l8PlC.J: yWifflStifcTttr bfy h©ffiz o £©>fa 
(z i m + z 0 ) feUCfflU *bfcJS«PK:J:$2&t5*S* 
h' WfBVL <t y#e>*ifcfa (z i ai+'z o) ill/ 

[00 34] 

mmnmi&nj&m sir* ^mmco-mm^w^^ 

y fsnQgatfttf^Sjtcawi a ^ > ^ y ssjsr^if 
yxAtco^TSwa-r*. *-r. rns^wc^ws^ 
y 3* y ^r;b=ry xa &«!?§■*<&. - ' t?. * > =r 

^USWIOat&Nku A*£x, y<2Ntt4. Hi 
AteU w= x y B _1 mo d N, Xl£w = x y B _1 m o 
d N + NT*S. fe=EV^'Jil7;i/iUXi, 
^ i^ffl J: ^4 7 O0^f 'V T 1 ~S T 7 TSt 

ST1. <s> a < -<x>a<y>a> <s>b*~<x 
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*>b<y>b 
ST 2. <t>b^<s>b< (~N) ~l>b 
ST 3. <t>bA^«iSJjz3filCc!:y<t> a Ub£* 

ST 4. <u> a — <t> a <N>a 

ST5. <v> a — <s> a +<u>a 

ST6. <w> a — <v> a <B"l>a 

ST 7. .<w> a *^ffiSfi£!5tC e fcy<w> a Ub 

©£. 

10 [0 0 3 5] <s> a tt, lEaCTtffisffi 

RNSSS&St. ^©ftfi<Z><t>b&£t>|e!«T*& 
S. «jLli<s> a li. A-aia2-a n tSM* 
m^m<7)7i s a ©&?S)S a i ~ a n T'fOo fok »J 

®i(si, s 2» s n ) 
[0 03 6] S£b= (bi, b2. -. b n }l*»£ 
ai:«S!l©RNSSJ£T'*>y, B = b i b 2-b n ^U 
fet*, A^B©*A£*Jf&g c d (A, B) =lT'fe 
-g>ai£T-fe-5„ ^f-v/ST l~ST7©lE5|&ft^C 
I*. 4"i<£:%N<A, N<Bfcv0^jtf#*T& • 

20 £©&#*>& x^ytt. g|£a©*» 

bCO^T— SttlC«a7»g Ai3x$:<x>a, 
<x>b©- r <7T-*f3illi5l.*TfeSo LAM/, A* 
x, yli, M#©«s©t&$SBA , :0^s<N2T-&£ 
fe©, Ma, b©&0f*^aUb«:3B£aUbi:LT 
*&«bTiEL<30Ran*.' 

[0037] vuxokotty^* yjwiT^=r 

yXA©-*>*>, XT'^STS, ST7©gJgJd35t;:o 
^TSWa-TS. V^*/SS:A5|5jft®^«aBSilL (0£/J 
<A) , #MUB@R/3©RNS*3I«:</3>a"= (/8 1- 
30 15 2. B n) Z1Z1T% </3> a *^3SSfi£ 

at«ty<|8>aUb*#*Stt6 0 
[0 0 3 8] £©fc&. Jf*Q©*BIPM^Jl^<b&© 

(i) AA^tyAo. 

[0 0 3 9] 
* GRiJ 



(>£ S ix (Ai 'mod 

i-1 



i ) x a i mod 



[0 0 4 0] fiU Ai=A/a iT'&y, Aj-lttS . « [0 04 1] 
aiCj3lj5Ai©iailStfe5„ Z©££ (1)5$ 40 12] 
fflmodA4*ffi (2) ^©«ke>lCM^T'=b^:So * 



( i ) 



(Ai"' mod »i) XAi-kA 



(2> 



[0 04 2] (2)'SC©J:e>lC. mod A£^T*3t 



[0043] &ic, mk^ajtss:. 5»*©av^ 
;iw©T;i/ijyxAS:Siwt«>. (2) ^©Bsa&A-e 
tost. ?^© (3) ^ic^Sc 

[0 0 4 4] 
B&3] 



11 



(7) 



#PB2 0 0 1 -3 1 8 7 8 5 

12 v r :. .... . ... , 



n 

S/A- 2: (JiXAi'Vod 1 i) / . i-k' - (3) 

(3) StfcSEJB-f* i&eo (4) ROi. vtztci,. 

n ' 

k=5: ( fi i X A i ~' m o d a i ) /a i - B / A "(4) 
i=l 

(4) to!,Oif/A<l«:fflv>Tftn (5) SCO »««:«* 6, 
n 

k £ S ((iXAi"'«td ei)/ai<k+l -(6) 
i-1 



[0 0 4 5] ZZLX\ /J««TW^I2f [] T? * [0 0 4 6] 
(5) ^{C«^ (6) ^<Z)iotcm [R4] 



[ 



i=l 



[( iXAi"'aod a i ) / a i ] 



(6) 



[0047] z<d (6) sa*. BS»s:'it'tffc«). ;nw* 

(7) ^^^{C^ft^&LTmk' Srsfc&T 

[0 04 8] 
GR5J 



[ S trunc ( f i ) / 2 r ] 



(7) 



[0 0 4 9] 3IT*. I i =/? i XA j-lrao d aj 
trunc () 14. r f>y hCMfct i ± 
&qt^y r-£»SLT_h&qbfy h@i'JT&© (r- 
q) 1ft/ h 5:iT0 tC-f&^JtTMifcT&So r t iSJg 30 
gUt© tf ? y , q 14 r 5fc«©IES8SrT*&-5. 

[0 0 5 0] |ggHC (7) ^14, /\-Kfi7TfWS 

jeiiT©j:-5tc3s^69tciitfsns. . * [0052] 

e a =max { (2 r- a i) /2 r) - (8) 

8 a =max { (fi -trunc ( S i ) ) / a i } 
fcfe. max 0 I4i£l, 2, -, nfcSfcfrLfei:* 

©Jftfcffl&art-. /riwci'ttfi. ifte>»fl3SKe a . 
5 a ^v Ktseifltkn do) ^©ttHrttcfesi: 

[00 53] 40 
n (e a + 5 a ) A^/?<A ••• (1 0) 

/UtttcJtfUi. tjjptMHD (11) S;©®Hp*g 
&mm-C> (7) 3»4IELV*kXl4k- 1CDH 



SSfor (i = 0 ; i<=n ; i + +) { 
20 a i = oi-i + trunc (f i) /2 r 
ki= la O 
a i = a i~k i 
} 

Z-ZT\ a 0 = <*. 0^a<l ZWffl&tt&l aim 

[0051] ( 7 ) i&x*mktmhtz.m:K ». 

(6) 5£T*» fensiEffiJWfifiRktcMLTjaiSlKSI*^ 

(7) SMXjBBtS^DffWB©^*!). 
(8) ~ (9) sSfCjjVf 4e>lC (7) ^CD^Of^B 



(9) 



★ [0 0 54] 

0^jS<n (e a + 5 a ) A - (1 1)' 

(7) ^(cs^^t, ja^fflk' &itmu 

(12) S&#i = l, 2, -, rUCo^-CH^rf-S^ 

*. ulz<d (12) sw>«^iig^*^us«r«tt^ 

[0 0 5 5] 

me: 



gaoc b i = Z (£ i X A i nod b i + k i ( b i - A mod b i ))nod b j 

i-1 

- (12) 



[00 56] JSU*DSW§-eHU a * "bSJg b ^CDffi Jg b *» e>&£ a AffliUllim 33 4 IftPASSR 
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[0 0 5 7] £*>IZ. )UWCJ:ftl4\ r©ifi{£tf«k' £ 

ftofea&taaasT^uxA (12) ss^/s^t, *t- 

;i/JUXAS:*ffLfc»^, *©5^5*ft (13) ~ 
(17) ^mt-irtmzit. w = xyB"lmod r 

N, w<2NJStKw>aUbfelli*t4:i^*l 

T^-S= 'IT. A = n (e + 6), £ =max 
{ e a > £ b) < 6 = m a x { 6 a , 5b) 
[0 0 5 8] g c d (A, B) = 1 ••• (1 3) 

gcd (B, N) =1 - (14) 

0^Aga<l - (1 5) 

4 N/ (1 - A) SB - (1 6) 

2N/ (1 -a) SA - (1 7) 

Ri^#*8iJBicaus $ ft* *e > if* U Sl?7;i/dr y X A 
fclC ^©J^&^^U^T^UX 

[0 0 5 9) 01 W^B^C-lMffiC^S^^a^ 

@31iZO^DIl]i^^I<7)|^CtlIS&(D^5:^1-«^ 

[0 0 6 0] ^-^fe. :£l©©£mJu fffcfiL7cCox-Ro 

i ~h 3 izm? <t e> tc, L&s&ftjfti 2 8 

2 0 i ~ 2 -0 n IZftTLT. B£Jt« 40& 
m-t&ma®&3 0 i~3 0 n 5:iiTV^ 
[0 0 6 1] lit; *9»IEB|3 0i ({ILlSiS 
n) J4, ^{Carf-J^lC, (f g + c + d) mod 

IC-fatT, iiai4 0?:MTV^. fcfc. m«, to 
iSBtKlCRNS3S£®*>S— SSRT*>S. flu f, 

g, c dii. mtcDm^mcDWktimtev^ i v $k 
[0062] wmmm m&ffimm) 4 o& immi 

4 (Dfttl&gk f g + c + d &iSmf|Jofe»^h &tf* 

ftT'fciV^, S3lC^-r«ke»^ hf? HHWSM 1 , " 
StHf§4 2, iD^#|4 3Xtf/b-7lWW»4 4 feffAT 

[0 0 6 3] tf y h^RgP4 1 »±. A#3ftfcfflRz & 
Tfirli7h©izot- AASftfeSBRz^bTiar 

[0064] z o = z mod m 
z i = [z/2 r] 

mm** 2 it. try hs^gM i tcj:yajtBSftfe±ffi 
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h®iz l fc. &rn£m=2 r t*bfet*© 
M^©tz uiUfU »e>ftfc«z i A^*D^tl4 

[00 6 5] iDlJtf 4 3 14, \£y hS^SP4 1 T«£ 
ftfez o£MHM 2(Dfcjiz i ittS:DnJ9L-t 

[0 0 6 6] ;U-XM9SP4 4 (4, AD^|4 3©ffi*» 
«zi/t+zo S:Sm©±PRffi2 r iiiftKU *£VM8 
£=bL<(4|W)b#£- (Zr^zi/i + zo (=h' ) ) 
ttzi/i+Z0 £3fc#>T z £ LTbfy h3Hft8P4 1 CA 
10 ALTfltfi&HBIU 'J>av«#ttz l z o SrSOafc 
JttS*hfcl/t£3 \s*J*9 2 9 ^LTRAM 2 1 i 

t>, R&IIM4 0©ffi;fthJ4, h = z mod m, h 
<2 r $:ifett,fflT*So 
[0 0 6 7] rfttC. JSLh©J:'5fC«BfcSftfc i E>^ U 

[0 0 6 8] *HfiB&ffi£K& A*x, y, £ 

N, »£a, bfeipfllU ROM2 1 i~2 1 n C#S 
(ai, a2, -, a n ) feWIbi, 
20 b 2 , b n ] fcffi:fcw©jffflM©JW&fra«S£i:S: 
BBtlS-tffcffc ^f»;^STl~ST7CW>^'J!| 
M-Tfl/3VXJ* : &9&ft&. Xt7^ST3, s 

T7©aassa3»i4. ;iw©t;i/^uxa (12). &\z& 
oTH^T^ft*. z:©i:£, coxn.^>v hhLttt, a 
i£©jj£»ffl©A;fr S i Srgtt* Kti i i ©±ft g if 

fitl^y hS:BSS<anWiS*fcS:iD3»U »e>ftfeinJtt£SI 
©•it), S±&£">y h©fflk i ^Rowern.r.>v h©S 

faiag& 3 0 1 ~ 3 0 n tea}*-**. 

30 [0 0 6 9] $T, IIt ; E>^'JiS7;i'J | JXA 
ST1-ST7 rtO*«S*d®ff»CO^TBSfi-r 
<&. STl©lt^<s> a *-<x>a • <y> 

a ©^— JSSc^x 1 • y 1 mo d a i $r#x*o 
[00 70] Z©ft®:i4, HI *, Hi ©Rowern- ^ 

HT^*5ft sbs^Mtjwis 1 oimoBmtz o\\z^) 

»3 0 itCAASftfcx 1, y i*«3S!W»2 3(CA*$ 
ft^c 3tt*©Wx 1 • y 1 S:tf4fLT}flD3S» 

2 4 &Cffi;fr1-£c 
40 [0 0 7 1] Ifflimt'd ^7f2 5«V^^5 

rotAAcAK, «na©iffiwig*dt;07?«>s. n© 

«x 1 • y 1 £ d = 0 fc*%DHD»2 4 (CA#£ft 

*„ 

[0 0 7 2] *D^f§2 4 i43©fP5:fmLT[^milIg&4 
OtCfflifrtS. I©l§^x 1 • y 1 Uga i&aj 
= 2 r- M x tLtztZCOft 1 i:*«|»|Hl»4 OKA* 

[0 0 7 3] r'T\ K^EIS&4 0{4, h = xi-yi 
mod ai (fith<2n $:ai*f*c Zl 
50 ©|^Ilffi&4 014. ma 1 ©BfcgfcUffrSfc©©, t¥ 
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2r^ufe©T% m3izmvr=.mf8iz.\f&t>-r. m&n* 

[0 0 7 4] £T, $8&z=x i • y i*WHli?S4 0 
(CA*£4"l&=. 

[0075] e^m§ei4 oics^tn try hs^gp4 

1*\ Tfirt:«yh©izo = zmod 2 r £ % ^tj 
©±fitry S0fz i = [z/2f] titiHU ±{£ 
tf>> h©ffiz i £A*m i il#ilS*RS4 2fCA#£*i 
•5. 

[0 0 7 6] ^#§4 2M«z i n i SrltltL-OffllKft 

i T-it&aisnfeT&tf^ sofflz o htftomsA 3 ka 
[0 0 7 7] ;&n#§§4 3«u rne>fflfDh»zii»i + 

z oZtmLT 

[0 0 7 8] ;b-^f!lffllgP4 4 «, #tJ|S#§4 3 ^e>©aj 
*h' 'Srj£m©±PRtt2 r t^/jxttjRU tB*h' #2 
v tX£<D£^ ffl^Jh' &ft«&Ttf<s» h3HR»©A#z 

[0 0 7 9] ^-TTWWffl^tt, A/jNJ:b«C©|g 

*. ffi*h#2 r^^h^iC^lz-^ThW^TU 
ffi^Jh' fePJ&hiiLTflWrtS. i£a i 

<0*bfcJ* «*Tfc ? fcOT'feS*\ ffi* h a i «t »J A 

[0 0 8 0] Z<D£^h-x i • y i mod aj, 
h<2 r hli, SffillI18&3 0 i frbtttflS 

tU RAM2 1 i fC*S*fl$n-5c 

[0 0 8 1] rOSP^J^tCtiRowier^.— y hT'^SO^ 
Safc5^*t#l±H«kO^«:ff>Jfce>. lit, 

mow2mm8&4 o\z^m\^m-oymmt\z-o^xm^ 



n ( £ • 2V (2T-1) + 6) ASK1 
fljtfifc© (11a) ^OttHrtlCfetUi. (7) * [0 0 8 9] 
5ft0i&fi8M9W4IE k Xtik - 1 * 

0<Kn (£-2 V(2^-l) +6) A - (11a) 
3*l<b (10 a), (11a) SWi. *ft-£tt«B4 Lfc *&#C© (15 a) sSfcl 
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[0082] ^mmt. mumA 3 

h' i:, IBSSR©^y'h»rTare6±Ba«[2ri:S: 
A/Ntiget ffi±rh' # (r + i) fyhfiUiT* 

***^gj^s:«B8-r*itf«fc^©T, flaw)!****;*, ' 
[0083] zKD«te>^;b-^»fe^«)i; 

»WU ffi*h^±[55ffi2r^ (h<2r) 

*T?<3!)»iSUii«5re&s. tsawj^-TTiBSfii. 

ttrtdjWSaijta (d<a 1) (Cjfe^**T*fflt1BB 
UIfiR"C&S. 3 3T\ UiOllIa i l±-£tf>hf«y hjR 
rlCj3WS±J»«2 ■ r «fcijt/h£^ (a 1<2 r ) . 
[0 0 84] tot, -*HC ffi^ h tf±$m 2 r 

[0 0 8 5] -ttjJb^ *mW\Z. Z<D£${ZJ\,-zfWl 
fi&r>'#&£^T:*^:/STl~ST7©^>rf* 

[0 0 8 6] v^, ##©l¥fffil»££ £ S:, e<2 

30 |giBS:«£-rsfc«>tc*AbfciESaRT?*S. 

[0 0 8 7] 1©^, (3^0 (1 0a) So^irt 
(7) acwafKtHHiiEU^k©«tS:#A 

[0 0 8 8] 

- (1 0 a) 



l?Z>Z£T\ w=xyB~l 



(10), (11) *ttcMJSLfc*#Tfc»A #^.TV> 40 

•S^JEt) (10), (11) ^©H^s,i:llDi:i-«>c * 
fc, =E>=r^y^%>Bti«ELfe5o©^ (13)~ 
(1 7) ^©e>*>, MiE^a©|gH&^fefc (1 5) 5£* 
0^n (e • 2V (2 t - 1) + 6) 
^fflJL. N^l,024lfy K©#^-&#^.-5^ n = 3 
3, a=0.5tmtlHBk<. Z.0)£i*±a>T\t. t^2 

2 mm t &ft-g> 3 h *q«sgT * § . 

[0 0 9 1] Z.(D££2 */_ (2T-1) lil (C+4Jifi 
<, (10 a), (11a), (15a)a®^#lt 
■tn-ftl(lO), (11), (1 5) &£ttfaLX^ 50 



m 

od N, *fettw=xyB-lmod N + N*ffi*"t 
[0 0 9 0] 
A^a<l - (15 a) 

[0092] *mm&mzmfi;t-Wr£tT°$> 
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